Для дома и для офисаДля бизнесаПартнерыКлубО компании

Remove CIA - Remote Access Trojan (RAT)

Remote Access Trojan or RAT for short is form of trojan horse that is often called backdoor because it provides the intruder, or remote user (hacker) special access (hole) to your PC from some control features to full control. CIA is classified as RAT because of it affect to infected system. CIA is considered to be very dangerous as it uses special technic to hide its activity from user and antivirus applications. Usually firewalls can detect its activity as CIA regularly tries to access internet to grant an access to its owner.

Description of CIA and certain parameters of the threat.

A hacker can break into the platform and setup own CIA. In both cases a private information threat gets installed without the affected buyer's knowledge and consent. It also is able to download and run applications, pilfer platform data. A CIA allows the intruder to work with an wormy PC in the same way as with its own Windows and use it for varied malicious destinations or even criminal offences. Sometimes even an anti-virus or adware removal tool can fail to put away a peculiar CIA, especially of a lawful one, which used for malicious targets. Malicious CIAs can be finded and removed with the help of effective anti-spyware products like Stronghold Antivirus and True Sword.

Threat indicator: HIGH

Threat data table:

Name of the threat:

Command or file name:

Threat type:

Affected OS:

CIA

winiogon.exe

Rat

Win32 (Windows 9x, Windows XP, Windows Vista, Windows Seven)


 

Become our customer and our software or support staff will remove CIA from your PC and fix problems that CIA created!

You can purchase any of our antivirus products or CIA Removal Tool and perform a scan. In case it doesn't find a problem you can request FREE CIA removal service in the form below or in support section. We will contact you in several minutes (as we have a lot of requests it can take up to couple of hours) and provide specific removal solution of CIA. Submit you request below.

Click to ask professional of CIA solution

Submit detailed description of your problem below:

We'll reply you in 10 minutes or less
* Name:
* E-mail:
* Problem summary:
* Detailed description:
Attach suspicious file:
Here you can attach file you suspect to be virus or source of problem. If you want to attach several files, put them into one archive and attach it instead.

We will contact you back in less an hour after you click on this button.

Particular solution for your exact problem guaranteed!

It is important:

  1. We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you CIA removal solution.
  2. All fields of this form are obligatory.

CIA Automated Removal

CIA use specific intrusion methods and manual removal procedure of CIA is not a simple task. We developed automated tool created by our programmers, click here:

DownloadDownload FREE CIA Removal Tool

Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team.

You can try two other options: remove CIA manually or using proffesional support of our specialist:

* Removing CIA manually.

* Professional support in fixing all problems with CIA from our Security Support Team.

If you want to choose the last .


CIA - ways of infecting

CIA can infect your PC from different sources. It can infiltrate computer through peer-to-peer applications, adult sites and also it can come bundled with adware or spyware. Then it copies its file(s) to your hard disk. Its typical file name is winiogon.exe. Then it creates new startup key with name CIA and value winiogon.exe and will then load on every boot up. You can also locate it in your processes list with name winiogon.exe or CIA.

Download FREECIA Removal Tool

Safe and Quick Solution

If you are not sure what files to delete, or how to use registry editor use our award winning program - Free CIA Removal Tool.

CIA Removal Tool will find and fully remove CIA and all instances associated with CIA rat.

With CIA Removal Tool you get protection of your computer against CIA as you get 1-year licence for True Sword Antispyware. CIA Removal Tool scans your local disks and registry for CIA and removes everything found. Usually classic anti-virus software can't remove or even detect CIA.

Download CIA Removal Tool - FREE to useDownload CIA Removal Tool - FREE to use

Please take 1 second to show that you like our solution - click on this Facebook button:

Manual guide for CIA removal?

CIA can be manually removed by locating and deleting all registry keys and files connected with CIA and, of course, removing process from running on startup as well.

1. Remove the following processes:

no information

Warning: you should delete only those files with the names exactly the same as in the list and located in folders listed below. There may be legitimate system files with the same or near the same names. We recommend you to use FREE CIA Removal Tool for guaranteed threat removal.

2. Following folders created by CIA also need to be removed:

• %desktop%\cia_crack\stub\
• %desktop%\cia_crack\

3. Using registry editor find and remove this registry entries:

  • Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0
  • Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\FLAGS
  • Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\0\win32
  • Key: TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\HELPDIR
  • Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}
  • Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\ProxyStubClsid
  • Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\ProxyStubClsid32
  • Key: Interface\{0958C4C9-77B0-4AA8-9364-7886BFCA7E39}\TypeLib
    Value: Version
  • Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}
  • Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\ProgID
  • Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\InprocServer32
    Value: ThreadingModel
  • Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\TypeLib
  • Key: CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\VERSION
  • Key: N.Cs4
  • Key: N.Cs4\Clsid
  • Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0
  • Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0\FLAGS
  • Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0\0\win32
  • Key: TypeLib\{B070DBE3-9C29-4F7E-BBE5-3A47FC6407DC}\1.0\HELPDIR
  • Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}
  • Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}\ProxyStubClsid
  • Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}\ProxyStubClsid32
  • Key: Interface\{F7B93155-C585-4080-92ED-0D68E651DA73}\TypeLib
    Value: Version
  • Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}
  • Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\ProgID
  • Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\InprocServer32
  • Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\TypeLib
  • Key: CLSID\{B1E8057A-781F-4D2E-A4A7-FEE8555431E8}\VERSION
  • Key: CIAPASS.Class1
  • Key: CIAPASS.Class1\Clsid
  • Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0
  • Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0\FLAGS
  • Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0\0\win32
  • Key: TypeLib\{68F45442-3569-11D7-90A8-00E0297F0885}\1.0\HELPDIR
  • Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}
  • Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid
  • Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid32
  • Key: Interface\{68F45443-3569-11D7-90A8-00E0297F0885}\TypeLib
    Value: Version
  • Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}
  • Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid
  • Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}\ProxyStubClsid32
  • Key: Interface\{68F45444-3569-11D7-90A8-00E0297F0885}\TypeLib
    Value: Version
  • Key: CLSID\{68F45446-3569-11D7-90A8-00E0297F0885}
  • Key: CLSID\{68F45446-3569-11D7-90A8-00E0297F0885}\InprocServer32
  • Key: REPLACEICONX.ReplaceIconCtrl.1
  • Key: REPLACEICONX.ReplaceIconCtrl.1\CLSID
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\ProgID
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\InprocServer32
    Value: ThreadingModel
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\ToolboxBitmap32
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\MiscStatus
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\MiscStatus\1
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\Control
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\TypeLib
  • Key: CLSID\{68F45445-3569-11D7-90A8-00E0297F0885}\Version
  • Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0
  • Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0\FLAGS
  • Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0\0\win32
  • Key: TypeLib\{38DBA6AC-4054-4C32-A591-AFBDF5BF3D47}\1.0\HELPDIR
  • Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}
  • Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}\ProxyStubClsid
  • Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}\ProxyStubClsid32
  • Key: Interface\{D69DB564-1617-4687-A5C8-2780D6100967}\TypeLib
    Value: Version
  • Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}
  • Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\ProgID
  • Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\InprocServer32
  • Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\TypeLib
  • Key: CLSID\{08734035-3CAF-494A-9514-074420CF528F}\Version
  • Key: software\microsoft\windows nt\currentversion\windows\run
    Value: runtime process
  • Key: Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList
    Value: a
    Data: Cruel-Intentionz.exe
  • Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: shell
    Data: Explorer.exe C:\WINDOWS\WinIogon.exe

 

Следующее описаниее: Clandestine »

Узнать больше о CIA и winiogon.exe »

« Вернуться в каталог